While financial services FinServ innovations often emerge with built-in security measures new market trends including faster payments and open banking are introducing new security threats to corporate treasury departments according to cybersecurity company BioCatch The treasury department is an increasingly attractive target to cyber fraudsters Account takeover attacks social engineering tactics and payments fraud all threaten businesses as attackers go after the high-value transactions typical of corporate finance BioCatch explained in a blog post last week Among the most prevalent is the Business Email Compromise BEC a type of social engineering attack that received significant attention last year The Federal Bureau of Investigation FBI has now pegged total losses to BEC scams at 12 billion across 150 countries marking a 136 percent rise in BEC cases between December 2016 and May 2018 The tactic is relatively simple Fraudsters can infiltrate company databases and email accounts to identify which executives would typically initiate a transaction then pose as that professional to receive company funds without suspicion However according to BioCatch the ongoing progress of corporate financial technology FinTech has created new opportunities for fraudsters to steal from their business targets even as emerging innovations put financial security at the center of their solutions Faster payments for instance can make it more difficult to detect that fraud has occurred BioCatch said particularly in instances of cross-border corporate payments Wire transfer fraud is of particular concern for corporate treasury the company wrote With instant payments fraudsters can not only move funds from legitimate users to themselves quickly but they can divert them just as fast By the time the fraudulent activity is noticed the stolen funds are nearly untraceable and may be impossible to recover Despite the warning many experts have assured that faster payments do not necessarily mean faster or an increase in fraud particularly as financial institutions FIs adopting faster and real-time payment capabilities enhance their anti-fraud efforts at the same time Furthermore so far corporate adoption of faster payment tools is limited In the case of Same Day ACH in the US NACHA found that in the first 11 days that the service went live in 2017 only 6 percent of the 2 million transactions made were B2B transactions More recently however BNY Mellon found that 29 percent of executives expect real-time payments to have a significant impact on their firms in the coming three years and treasurers will have to address changing fraud risks as a result BioCatch also pointed to open banking as another FinServ trend imposing changes on corporate fraud risks The emergence of open banking in the UK now means that banks are opening data to third-party payment providers TPPs via application program interfaces APIs presenting a new door into which cybercriminals can break While open banking and data sharing between banks and FinTech firms are largely viewed as consumer-facing trends some analysts have said corporates are headed for similar disruption A recent survey from treasury management solutions provider Centtrip found that three-quarters of UK businesses expect to benefit from open banking by the end of the decade despite awareness and uptake of open banking-based solutions still being limited among medium-sized and large corporates Open banking has a huge potential to shift the way financial data is shared and managed said Centtrip CEO and Co-founder Brian Jamieson in a statement earlier this week A year on from its launch we are just starting to understand its benefits and the way it may reshape the financial sector With businesses beginning to consider how to use open banking to their advantage analysts are closely watching how data sharing and FinTech APIs could create new avenues for cybercriminals In an interview with PYMNTS in November Shape Security VP of Product Management and Co-founder Sumit Agarwal explained how APIs offer another way for cybercriminals to attack by posing as a third party requesting seemingly legitimate access to bank data If I cant attack the banks front doors maybe I can pose as a small developer and find an alternative side door that still gets me through to the bank one way or another he explained BioCatch pointed to this risk in its blog post too Cybercriminals will take advantage of TPP security weakness to launch attacks against banks putting corporate treasury at risk the company stated For example a fraudster that takes over a users account on a TPP can then use that account to initiate fraudulent transactions with the connected bank For corporate treasurers this indicates the need to place greater emphasis not only on the security of bank partners but on the third-party payment firms that now receive data from the banks LATEST INSIGHTS Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation thats reshaping the payments and commerce ecosystem Check out the latest PYMNTS Digital Drive Report API B2B B2B Payments bank data BEC BioCatch corporate finance corporate payments corporate treasury faster payments FinServ FinTech fraud News Open Banking real time payments risk Security